CVE-2025-23408
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-12

Last updated on: 2025-12-18

Assigner: Apache Software Foundation

Description
Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1.Β The issue is fixed in version 1.11.0. Users are encouraged to upgrade to version 1.13.0, the latest release.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-23408
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache fineract to 1.11.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-521 The product does not require that users should have strong passwords.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Apache Fineract involves weak password requirements, which means the system allows users to set passwords that are not strong enough to provide adequate security. This weakness can make it easier for attackers to guess or crack passwords and gain unauthorized access.

Impact Analysis

The impact of this vulnerability is that attackers could exploit weak password policies to gain unauthorized access to the Apache Fineract system. This could lead to data breaches, unauthorized transactions, or other malicious activities compromising the confidentiality and integrity of the system.

Compliance Impact

Weak password requirements can lead to non-compliance with security standards and regulations such as GDPR and HIPAA, which mandate adequate security controls to protect sensitive data. Failure to enforce strong password policies may result in violations of these regulations, potentially leading to legal and financial penalties.

Mitigation Strategies

Upgrade Apache Fineract to version 1.11.0 or later, preferably to the latest release 1.13.0, as the vulnerability is fixed starting from version 1.11.0.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-23408. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart